| Account lockout duration |
Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy |
| Account lockout threshold |
Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy |
| Reset account lockout counter after |
Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Account Lockout Policy |
| Allow log on through Remote Desktop Services |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment |
| Audit: Force audit policy subcategory settings (Windows Vista or later) to override audit policy category settings |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Domain member: Digitally encrypt or sign secure channel data (always) |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Domain member: Digitally encrypt secure channel data (when possible) |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Domain member: Digitally sign secure channel data (when possible) |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Domain member: Disable machine account password changes |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Domain member: Maximum machine account password age |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Domain member: Require strong (Windows 2000 or later) session key |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Interactive logon: Number of previous logons to cache (in case domain controller is not available) |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Microsoft network server: Amount of idle time required before suspending session |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Network access: Allow anonymous SID/Name translation |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Network access: Do not allow storage of passwords and credentials for network authentication |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Network access: Let Everyone permissions apply to anonymous users |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Network security: Allow LocalSystem NULL session fallback |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| Network security: Force logoff when logon hours expire |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| System cryptography: Force strong key protection for user keys stored on the computer |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| System objects: Require case insensitivity for non-Windows subsystems |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |
| System objects: Strengthen default permissions of internal system objects (e.g. Symbolic Links) |
Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options |